Risk management supports the implementation of Atria’s strategy and the achievement of its goals, as well as developing the organisation in the operating environment outlined in Atria’s strategy. Risk management also aims to prevent unfavourable events and safeguard business continuity.
Atria defines risk as the impact of uncertainty on the company’s objectives. Risks can cause positive or negative deviations from set goals. For reporting purposes, Atria’s risks are divided into four categories: strategic risks, operational risks, liability risks and financial risks. Risks are also divided into internal and external risks depending on whether they are posed by factors external to the Group or by internal factors. Material sustainability aspects, i.e. risks related to environmental, social and governance responsibility, are taken into account in the dual assessment.
Risk management is guided by the company’s risk management policy, which has been approved by the Board of Directors, and by the ISO 31000 and ISO 31010 standards as applicable. The recommendations of the Securities Market Association (SMA) for listed companies have also been observed in the arrangement of risk management. The risk management policy specifies Atria’s risk management goals, principles, responsibilities and authorisations, along with the principles of risk assessment and reporting. More detailed guidelines for operating methods concerning risk identification and reporting are provided in Atria’s risk management process guidelines.
Risk management is part of Atria’s day-to-day business operations, and risk management enables the company to consider the impact of uncertainty on its operations when making decisions. Risk management at Atria Group is based on consistent risk identification, assessment and reporting, and risk management is part of the annual planning process. Communication related to risks complies with the Group’s communication plan. Risks are managed in accordance with the specified approved principles in all business areas and Group operations.
The Board of Directors approves the Risk Management Policy and its amendments and oversees the implementation of the principles set out in the policy. The identification, management, control and reporting of sustainability-related material impacts, risks and opportunities is part of Atria's overall risk management. The Group CEO is responsible for the proper organisation of risk management at Atria and the Group CFO for the development of the risk management and risk reporting framework. The results of the Atria Group's risk management and measures to manage risks, including material impacts, risks and opportunities related to sustainability and their management, are presented to the Board of Directors of Atria Plc twice a year.
The Board of Directors and the members of the Group Management Team are responsible for identifying and assessing strategic risks and implementing risk management in their respective areas of responsibility. Strategic risks (including material impacts, risks and opportunities related to the strategy) are discussed at least annually and separately for each significant business decision. Risk management measures are decided at the same time. The members of the Group Management Team are also responsible for the identification and assessment of operational risks and the implementation of risk management in their respective business areas and/or areas of responsibility. In the Group's largest Business Areas, risk assessment and monitoring is also carried out by specific Business Area internal steering and responsibility groups, composed of senior management and coordinated by the Risk Manager. Risk Manager is responsible for reporting the results and development measures of the steering groups to the members of the Group Management Team and the Board of Directors, who oversee the risk management work. The Group Finance Committee, comprising the Group CEO, CFO, Treasurer and Group Controller as permanent members, is responsible for the identification and assessment of financial risks and the implementation of risk management throughout the Group. The work of the Finance Committee is supervised by the Board of Directors. Targets relating to material impacts, risks and opportunities are set as part of both the Group's strategy work and operational risk management by those involved in risk management, and the targets are monitored as part of risk management reporting.
The key findings of the risk mapping exercise undertaken as part of the Group's planning process are taken into account in the preparation of the annual internal audit plan. Each Atria employee is responsible for identifying and assessing risks related to his or her own work or otherwise identified, and for presenting and preventing risks.
The Group's governance, management and supervisory bodies use external assistance as necessary to develop risk management skills and expertise (including in relation to sustainability), The need for specific skills and training is identified through internal assurance and evaluation. The most significant risks and uncertainties brought to the attention of the Board of Directors are reported in the Board's Annual Report in the section "Risk management at Atria".